Recap: An attacker exploited a vulnerability on their firewall that allowed unauthenticated users to reboot. Exploit was public, firewall was unpatched. Unlikely that the attack was targeted, making "cyber-attack" somewhat of a stretch in my book.
s/unknown/unlikely, according to the expert quoted in the piece.
> "So far, I don't see any evidence that this was really targeted," said Reid Wightman, senior vulnerability analyst at industrial cybersecurity firm Dragos Inc. "This was probably just an automated bot that was scanning the internet for vulnerable devices, or some script kiddie," he said, using a term for an unskilled hacker.
Informally I'd say unlikely, formal analysis? Unknown. It is also likely for APT attackers to maintain an inventory of their target's network. The "scan" could very well be an APT actor testing the exploit or using it as a distraction for other attacks. It's best to list what is possible and conclude there isn't enough information to lean either way. Maybe it's just semantics but I believe retroactive analysis should not list attribution without some evidence. Proactive analysis can of course state what attackers are likely to employ specific attacks.
Their first lesson learned: "Follow good industry practices for vulnerability and patch management". Retroactive or not, this sounds like just about every article about ransomware "attacks".
> there isn't enough information to lean either way
Somebody messed up keeping their infrastructure up to date, there is nothing in the article or linked document to suggest otherwise. Probabilities exist and the probability of automated scripts scanning a network segment for known vulnerabilities is still higher than an "APT" misbehaving and rebooting firewalls. Not leaning either way is often just feeding an unrealistic picture with FUD, which I find unconstructive.
I think you miss the whole point of an analysis. It isn't to enable some public discussion. The purpose is to present facts to decision makers that will use the information in the analysis to justify changes. Proactive can be speculative for obvious reasons. Retroactive carries a much higher weight since we're talking about what has happened, not what could have or may have happened. It's important to be very clear so as to avoid misinterpretation, a decision maker that isn't familiar with the subject matter might misunderstand "unlikely" to mean you know for sure more sophisticated attackers are not likely to have used this technique (after all, you have evidence on your hands) but what you meant is statistically these attacks are more likely to be untargeted. Especially non-technical readers don't know if you're guessing, guesstimating based on objective trends or using evidence from the attack and comparing it with known attacker TTP. That's why I made the formal/informal distinction. Informally, I know what you/author meant.
There's a bill in Congress (the "Securing Energy Infrastructure Act") that would pilot a program to move the most important control systems to use analog, manual controls.
Oh, joy. So it can take us days to reboot a grid blackout instead of minutes.
And analog is generally slower on the other end as well. So, if I can create a fast traveling disturbance, I can destroy your equipment before the analog system kicks in.
The problem isn't digital vs analog--it's connecting !@#$ to the Internet that doesn't belong on it.
I wish the lessons learned bullet points explicitly stated that management interfaces should only be accessed from internal bastion hosts (jump boxes). You'd be surprised how rare the practice is. Just getting people to disable internet access is a pain -- "but it has a really good password".
If the federal government wants things to change, they should form an independent red team, running exercises against private companies, and then help companies address issues (the US government leaning on a vendor gets a lot more action than Topeka Electric Coop). With fines to increase the cost of inaction.
The general consensus of reports thus far has been stupid, 101-level mistakes.
And guidelines and recommendations aren't going to help with people who don't read them.
E.g. Staff up NCATS [1], empower them with more binding regulation, and turn them loose to conduct non-requested tests of critical infrastructure
Most standard solar panel installations in homes and buildings don't actually provide decentralization, as they tend to be linked to the grid in a way that they will not provide power at all if the grid is down.
Enabling decentralization requires extra hardware and installation costs, so it's usually not done. Essentially you need a solution to disconnect all your house from the grid in that case for safety reasons - so that your panels/batteries don't send voltage back to the grid potentially killing the repairmen fixing the broken lines, and when the grid does come up, re-linking to its frequency safely is a bit tricky, etc. It's not very hard, but it does require some extra stuff and thus expenses.
There’s absolutely an extra switch that needs to be installed, but I think it’s not so much the transfer switch requirement but two main things: 1) the battery cost, and 2) net metering.
Grid tie solar with net metering gives you all the benefits of a battery (except blackout coverage) with none of the cost. In other words, you get full retail value for 100% of your solar generation no matter when it comes or how much power you happen to be using at the time (because the meter runs backward, the grid acts like an infinite perfect battery).
Net metering is a nice solar subsidy while batteries were extremely expensive, but as battery costs plummet I assume net metering will also disappear. It’s not really fair for the utility after all to be paying solar customers retail rates for their generation.
Without net metering you will only get paid for solar power that you happen to use while it’s being generated, or that you can store for yourself to use later.
Finally, I’m not 100% sure but I would imagine a solar system with a transfer switch and no battery will just immediately overload or brownout if the grid is not there to keep the voltage steady. I would assume you need a battery to be able to serve any variance in your demand (e.g. a compressor turning on) even if your 1 minute average demand is actually running below your generation capacity.
TLDR: Batteries need to be cheap and net metering needs to die before you see most solar deployments that can run off grid.
The good news — if batteries are durable then a battery backed grid tied system can actually pay for the batteries and then some, if you can arbitrage the demand pricing curve. This is a win-win for everyone (including utilities) and IMO absolutely the future we’re heading towards.
Makes sense then, provided each building is self-sufficient with its own batteries to account for low sun exposure (few days of rain with <8hrs daylight).
Unfortunately, they will all be controlled by a smartphone app with its backend somewhere central... That’s just how it always seems to play out these days.
They still will likely connect to the internet in some form, and sets will have the same attack vulnerabilities that can have passive bot-nets that turn on when needed.